Vulnerability Analysis Hub

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate vulnerability-analysis skill, but it gives an agent broad execution and reverse-engineering authority without enough user-confirmation boundaries.

Install only if you intend to use it for controlled security research or authorized vulnerability analysis. Treat it as a Review item because it can guide the agent to run local commands, modify IDA analysis state, start or stop analysis processes, and perform exploit-adjacent workflows; require explicit confirmation before fuzzing, patching, executing IDA Python, killing processes, or writing reports/files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger list is very broad and includes generic security terms such as '故障分析', '安全审计', and 'PoC', which can cause the skill to activate in contexts where the user did not explicitly request high-risk vulnerability or exploit tooling. In a skill that exposes reverse-engineering, fuzzing, patching, and exploit-adjacent capabilities, overbroad activation increases the chance of unintended invocation of dangerous workflows.

Missing User Warnings

Medium
Confidence: 92%
Finding
This section documents system-impacting actions including process killing, patching bytes/assembly, redefining code, saving modified databases, and executing Python in the IDA context, but does not present a prominent safety warning or require explicit confirmation. In practice, a user or downstream agent could follow these instructions and alter files, terminate processes, or modify analysis state unexpectedly, creating integrity and availability risks on the host system.

VirusTotal

VirusTotal findings are pending for this skill version.
